Free service helps CryptoLocker victims get their files back

FireEye and Fox-IT announced DecryptCryptoLocker, a new service assisting victims of the CryptoLocker ransomware.

Available immediately for no cost, the service can offer help to the users of machines whose files remain encrypted by CryptoLocker.

CryptoLocker is a type of ransomware that typically targeted small enterprises, encrypting the files of computers it infected and giving victims 72 hours to pay the ransom to receive a private key that decrypts their files.

Although the Department of Justice has reported that CryptoLocker has been neutralized, many CryptoLocker victims have not been able to decrypt their files. DecryptCryptoLocker is designed to provide users with private keys to allow for the decryption of files that were encrypted by CryptoLocker.

To use the DecryptCryptoLocker tool, users need to:

Identify a single, CryptoLocker-encrypted file that they believe does not contain sensitive information.

Upload the non-sensitive encrypted file to the DecryptCryptoLocker portal.

Receive a private key from the portal and a link to download and install a decryption tool that can be run locally on their computer.

Run the decryption tool locally on their computer, using the provided private key, to decrypt the encrypted files on their hard drive.

DecryptCryptoLocker is available globally and does not require users to register or provide contact information.

“The criminals continue to push the boundaries; Fox-IT’s InTELL team and FireEye have shared expertise and investment to deliver a free service that demonstrates there are plenty of good guys who are there to help those who are the victims of the criminals,” said Andy Chandler, senior vice president, Fox-IT.